Statistical Protocol IDentification with SPID: Preliminary Results

Paper in proceeding, 2009

Identifying application layer protocols within network sessions is important when assigning Quality of Service (QoS) priorities as well as when conducting network security monitoring. This paper introduces a Statistical Protocol IDentification algorithm (SPID) utilizing various statistical flow and application layer data features. We have identified application layer protocols by comparing probability vectors created from observed network traffic to probability vectors of known protocols. Promising preliminary results are presented, showing average precision of 100% and recall of 92% for a small set of protocols within traffic traces from an access network. To further improve the results, a number of ongoing and future directions with SPID are discussed, such as optimization of the attribute meters and improving robustness against different network environments.
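
The comparison of probability vectors described in the abstract can be sketched as follows. This is an added example, not the SPID code: the single byte-frequency attribute meter, the use of Kullback-Leibler divergence as the comparison measure, the smoothing constant, the threshold and the training payloads are all assumptions made for illustration.

```python
import math
from collections import Counter

EPS = 1e-6        # assumed smoothing constant so no model probability is zero
THRESHOLD = 2.0   # assumed cut-off in bits; above it the session stays unknown

def probability_vector(payloads):
    """Byte-frequency attribute meter: 256 counters normalised to sum to 1."""
    counts = Counter()
    for payload in payloads:
        counts.update(payload)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no payload bytes observed")
    return [counts[b] / total for b in range(256)]

def divergence(observed, model):
    """Kullback-Leibler divergence D(observed || model) in bits."""
    norm = 1 + 256 * EPS  # renormalise the model after adding EPS to each bin
    return sum(p * math.log2(p / ((q + EPS) / norm))
               for p, q in zip(observed, model) if p > 0)

def identify(payloads, models, threshold=THRESHOLD):
    """Return (best protocol or None, its divergence) for one session."""
    observed = probability_vector(payloads)
    name, score = min(((n, divergence(observed, m)) for n, m in models.items()),
                      key=lambda pair: pair[1])
    return (name if score <= threshold else None), score

# Constructed training payloads standing in for traces of known protocols.
TRAINING = {
    "http": [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
             b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 0\r\n\r\n"],
    "ssh": [b"SSH-2.0-OpenSSH_8.9\r\n", b"SSH-2.0-libssh_0.9.6\r\n"],
}
MODELS = {name: probability_vector(p) for name, p in TRAINING.items()}

if __name__ == "__main__":
    session = [b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"]
    print(identify(session, MODELS))
```

Leaving a session unclassified when no model is close enough trades recall for precision, which is the kind of trade-off the reported figures reflect.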